Actually these RFID tags are from the bars in the French Quarter that monitor your consumption of Hurricanes.. sponsored of course by us equipment vendors who will wait until you are obtunded and show involuntary Opsoclonussigns so we can get you to put an X on a PO for an expensive non CMS reimbursable piece of equipment that will be obsolete 2 weeks after it is installed.

I live in a world where an electronic device implanted in my chest counts my every heart beat, tracks my physical activity, looks at the build up of fluid in my chest, knows my implant date, and even the dates of visits to my EP's office. It also tracks its own performance and the possibility of its malfunction.

Yet it shares none of this information with me, the originator of the data and its rightful owner.

But wait, it doesn't stop here. The implantable device is wirelessly connected to a proprietary, closed network created and run by the same people who built it. And in addition to my data "they" also track data collected from half a million other people like me.

Furthermore, the manufacturer has unrestricted access to all of this data and can use it however it sees fit. For example, it can look at how the leads of my ICD are performing in comparison to similar models implanted in other people and make adjustments or improvements to their product line based on this valuable information.

No one ever asked me if I'd like to "opt out" of sharing this data with the corporation who sold me the gadget. And yet I am kept out of the loop and in the dark. (Sure, they'll humor my occasional request for a print out just to shut me up. But that's far from enough in my view.)

Such is my world. I'm sure you'll agree it is, in some ways, like roaming the conference rooms of 2011 ACC not knowing how your RFID data will be used. But one thing can be said about remote patient monitoring. It sure seems a lot more like remote patient surveillance, doesn't it?

This action also violates the FTC's Fair Information Practice Principles

The core principles of privacy addressed by these principles are:

1. Notice/Awareness: Consumers should be given notice of an entity's information practices before any personal information is collected from them. This requires that companies explicitly notify of some or all of the following:identification of the entity collecting the data; identification of the uses to which the data will be put; identification of any potential recipients of the data; the nature of the data collected and the means by which it is collected; whether the provision of the requested data is voluntary or required; the steps taken by the data collector to ensure the confidentiality, integrity and quality of the data.

2. Choice/Consent: Choice and consent in an online information-gathering sense means giving consumers options to control how their data is used. Specifically, choice relates to secondary uses of information beyond the immediate needs of the information collector to complete the consumer's transaction. The two typical types of choice models are 'opt-in' or 'opt-out.' The 'opt-in' method requires that consumers affirmatively give permission for their information to be used for other purposes; without the consumer taking these affirmative steps in an 'opt-in' system, the information gatherer assumes that it cannot use the information for any other purpose. The 'opt-out' method requires consumers to affirmatively decline permission for other uses; without the consumer taking these affirmative steps in an 'opt-out' system, the information gatherer assumes that it can use the consumer's information for other purposes. Each of these systems can be designed to allow an individual consumer to tailor the information gatherer's use of the information to fit his or her preferences by checking boxes to grant or deny permission for specific purposes rather than using a simple "all or nothing" method.

3. Access/Participation: Access as defined in the Fair Information Practice Principles includes not only a consumer's ability to view the data collected, but also to verify and contest its accuracy. This access must be inexpensive and timely in order to be useful to the consumer.

4. Integrity/Security: Information collectors should ensure that the data they collect is accurate and secure. They can improve the integrity of data by cross-referencing it with only reputable databases and by providing access for the consumer to verify it. Information collectors can keep their data secure by protecting against both internal and external security threats. They can limit access within their company to only necessary employees to protect against internal threats, and they can use encryption and other computer-based security systems to stop outside threats.

5. Enforcement/Redress: In order to ensure that companies follow the Fair Information Practice Principles, there must be enforcement measures. The FTC identified three types of enforcement measures: self-regulation by the information collectors or an appointed regulatory body; private remedies that give civil causes of action for individuals whose information has been misused to sue violators; and government enforcement, which can include civil and criminal penalties levied by the government.

It is time to pursue a class action suite against the ACC for this willful violation of member's privacy.

Ok, please opt out if you do not want to be part of a class action lawsuit against the ACC.Please. Opt out solutions simply do not work. Virtually all privacy policies require that you opt in.This is a big privacy violation and will come with a big penalty from the membership.

Let's review the ways in which the ACC is violating your rights as an American citizen:1. The first amendment guarantees Freedom of assembly, sometimes used interchangeably with the freedom of association, which is the individual right to come together and collectively express, promote, pursue and defend common interests. You do not have the right to have an organized assembly (meeting) in any hotel which has contracted with the ACC unless you pay the ACC. You no longer have the right to engage in CME activities, unless they are provided by the ACC.2. The first amendment protects the freedom of religion, speech, and the press. In removing satellite symposia, the ACC has decided that only the ACC and its designees can freely speak and engage in CME activities.3. You no longer have a right to privacy. Your individual movement at ACC is tracked and this information is sold to industry. The ACC has issued no policy statement outlining whether aggregate data or your individual data is being sold to industry.

I realize I maybe getting a little off topic here, but with DrWes's permission, I'd like to explain what I meant above.

To Anony Thu Apr 07, 08:39:00 PM,

This is truly an issue for me. But to clarify, I do NOT object to information being made available to industry and doctors. What I DO object to is limiting patients' access to their remote monitoring data, regardless of how unintelligible or complex we think this data might be to them.

As it becomes increasingly expected of patients to take responsibility for their care, they will need unrestricted access to their data in order to do so.

I hope that in a not-so-distant future patients will be able to combine data from their implantable devices with a diverse ecosystem of interoperable health and fitness devices for a complete picture of their health. We can start today by allowing patients to access remote monitoring data collected by their ICDs and pacemakers.

The comparison is valid because an audience who's ostensibly familiar with remote monitoring should not resent the use of RFID at at professional conference such as the ACC. In my view, not much different than remote patient monitoring in its paternalistic, despotic and unfair way.

I agree. You should be made fully aware of the "process". Understand though that, you would not be able to parse any of your own data. Sure cardiology is full of data reads, but often as I am sure Wes would agree, all that stuff is useless without proper and especially experienced analysis. Having said that, sometimes, all the best tech/edu is not worth shit. Sometimes, all I have to do is glance at you and know that my call to Wes will change your treatment regardless. Yes it is that ever-changing target kind of thing. We have the data for support, but have to be ready to push it aside at any moment as well.

I am listening to you. It must be hard to adjust to your constant companion. Maybe similar to those that struggle to find peace with a transplanted organ. I can't say that I have any idea what it really feels like for you. I can only listen and learn from you.

-SCRN(just maybe for validity? I am a second career nurse with over 20 years in the corporate world, I still retain the abilities of a "normal" human to see and understand ;)

Thank you so much for posting on Dr. Lewin's blog about the RFID tags. I noticed the sensors immediately. While filling out my CME forms, I made damn sure that I was in each and every presentation from beginning to end (no bathroom breaks).

I half expect a paper by Dr. Al Khatib analyzing the RFID data compared with the self reported CME certificates with the conclusion that cardiologists are lying scoundrels. The other option is Dr. Lewin building a file on each of us using Hoover techniques.

About Me

Westby G. Fisher, MD, FACC is a board certified internist, cardiologist, and cardiac electrophysiologist (doctor specializing in heart rhythm disorders) practicing at NorthShore University HealthSystem in Evanston, IL, USA and is a Clinical Associate Professor of Medicine at University of Chicago's Pritzker School of Medicine. He entered the blog-o-sphere in November, 2005.
DISCLAIMER: The opinions expressed in this blog are strictly the those of the author(s) and should not be construed as the opinion(s) or policy(ies) of NorthShore University HealthSystem, nor recommendations for your care or anyone else's. Please seek professional guidance instead.